MemorySegment::reinterpret removes read-only property


    • Type: CSR
    • Resolution: Approved
    • Priority: P3
    • 23, 24
    • Component/s: core-libs
    • None
    • behavioral
    • low
      Clients that relied on implicit conversion from read-only segments to writable segments via `reinterpret` will now see read-only segments being returned.

      It is still possible to turn a read-only segment into a writable segment via the `MemorySegment::ofAddress` method. This could be used as an escape hatch for clients previously relying on the faulty behavior of `reinterpret`.
    • SE

      Summary

      The MemorySegment::reinterpret overloads shall retain the read-only state from the original segment. Currently, this is not the case.

      Problem

      It is possible to "crack open" a read-only segment by reinterpretation. This was not intended by the API designers and is a flaw.

      Solution

      Retain the read-only state for reinterpreted segments.
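
      A small probe for the behavior described above, added here as an example and not part of the CSR or the JDK sources. The class name, helper names and sizes are assumptions; it reports whether the running JDK keeps the read-only state across `reinterpret` and shows the `MemorySegment::ofAddress` escape hatch mentioned in the compatibility notes.

```java
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;

// Added example (hypothetical class name): probes read-only retention across reinterpret.
public class ReinterpretReadOnlyCheck {

    // Attempts a one-byte write; returns null if accepted, else the exception's class name.
    static String tryWrite(MemorySegment segment) {
        try {
            segment.set(ValueLayout.JAVA_BYTE, 0, (byte) 0x7f);
            return null;
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    static void report(String label, MemorySegment segment) {
        String rejected = tryWrite(segment);
        System.out.printf("%-30s isReadOnly=%-5b write=%s%n", label, segment.isReadOnly(),
                rejected == null ? "accepted" : "rejected (" + rejected + ")");
    }

    public static void main(String[] args) {
        try (Arena arena = Arena.ofConfined()) {
            MemorySegment writable = arena.allocate(16);   // native, writable
            MemorySegment readOnly = writable.asReadOnly();
            report("asReadOnly()", readOnly);

            // Subject of the CSR: with the fix, this view stays read-only.
            MemorySegment resized = readOnly.reinterpret(8);
            report("asReadOnly().reinterpret(8)", resized);

            // Escape hatch named in the CSR: a new segment built from the raw address.
            MemorySegment fromAddress =
                    MemorySegment.ofAddress(readOnly.address()).reinterpret(8);
            report("ofAddress(addr).reinterpret(8)", fromAddress);

            if (!resized.isReadOnly()) {
                System.out.println("This runtime does not retain read-only state across reinterpret.");
            }
        }
    }
}
```

      `reinterpret` is a restricted method, so run the probe with `--enable-native-access=ALL-UNNAMED` to avoid the restricted-method warning.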

      Specification

      <pre> diff --git a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java index 6c75c0385fa78..0318310e09f69 100644 --- a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java +++ b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java @@ -706,6 +718,10 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { /** * Returns a new memory segment that has the same address and scope as this segment, * but with the provided size. + * <p> + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. + * * * @param newSize the size of the returned segment * @return a new memory segment that has the same address and scope as @@ -741,6 +757,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@link #byteSize()}. + * <p> + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its 
@@ -786,6 +805,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@code newSize}. + * <p> + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its</pre>
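
Review bot: In the first hunk (`@@ -706,6 +718,10 @@`) the added block ends with a bare `+ *` line that sits directly before the existing blank ` *` line, so the Javadoc gets two consecutive empty comment lines ahead of `@param newSize`. The other two hunks add only three lines and keep a single blank line before `@apiNote`. Drop the trailing `+ *` so all three overloads are formatted the same way.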
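
Review bot: In the second hunk (`@@ -741,6 +757,9 @@`), and identically in the third (`@@ -786,6 +805,9 @@`), the new paragraph comes right after the sentences describing the segment passed to the cleanup action, and it only covers "the returned segment". A reader cannot tell from these lines whether the segment received by the cleanup action is also read-only when this segment is. Suggest stating that explicitly in the same paragraph, since the `@apiNote` that follows already warns about that segment leaking to external clients.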

            Assignee:
            Per-Ake Minborg
            Reporter:
            Jorn Vernee